CVE-2025-0163

Published: Jun 11, 2025Modified: Aug 13, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: psirt@us.ibm.com (Secondary)

Description

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.

Affected (2)

Products: Ibm: Security Verify Access, Security Verify Access Docker

Ibm

2 products

Security Verify Access

Security Verify Access Docker

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Security Verify Access	From 10.0.0 to 10.0.9
Ibm Security Verify Access Docker	From 10.0.0 to 10.0.9

Related CWEs

CWE-204

Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

References (1)

https://www.ibm.com/support/pages/node/7236314

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.